Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge.
All right, let's get started. Good morning everybody. This is Sean Gerber with CISSP Cyber Training, and I hope you all are having a beautifully blessed day today. Today is CISSP Question Thursday. So, yes, we are going to be getting into the questions related to Domain 1.6 as it relates to the content that we provided on Monday's podcast.
So that's the ultimate goal of this. Thursdays are to provide you the information you need to pass the CISSP through some of the questions and potential questions you may see on the CISSP exam. Again, these questions are not questions that were pulled from ISC² by any stretch of the imagination.
These are ones just to get you thinking, and to think about how, for Domain 1.6, I thought the questions could be asked of you.
But before we get started, I had an article I wanted to kind of just briefly bring up to you, and it is around the recent breach that occurred with the Department of Treasury, and this is defined as an attack that would occur from the Chinese government, supposedly. Again, I don't know that information; I'm just reporting what they have here in the news.
But the bottom line is that there was an issue that occurred later this week, or I should say earlier this week, related to the Department of Treasury and how they had a major, air quotes, security incident involving BeyondTrust, which is a cloud-based service, and the point of BeyondTrust is it gives you a lot of different kinds of credentials; it acts as a PAM solution. And so, yes, it would be a great target for someone to attack. One of the things that they said, that they're bringing up in this article, is that no other agencies within the US government were affected by this situation. Okay, I love how these articles come out, and I'm just going to be very transparent: I'm not.
I have no idea if there were more people or more agencies affected by this by any stretch, but what I would ask or bring up is how this attack occurred. You might want to think about how it is affecting other agencies within the US government. And this attack occurred because of a compromised API key for remote management services from BeyondTrust.
Now, that whole hole between BeyondTrust and the API key for the Department of Treasury, those specific key points, is probably covered. Yeah, it's probably good. There's probably no issues there whatsoever.
That being said, if you are the federal government, they are working with other companies as well, and they also use APIs and they use API remote management services. So the question really comes down to: what kind of control do they have over their API infrastructure?
I've been saying this for a long time on CISSP Cyber Training, and to anybody that'll listen to me: APIs, in my mind, are one of the biggest vulnerabilities we have within the security space, and the reason I say that is because in most cases they are unmanaged.
They're allowing people to make a connection into your environment, and the goal is that you have tight controls over it, allowing what comes in and what goes out. But because they're so easy to establish, it can be very tempting for an individual to go and start up an API connection and go, oh, it works, life is good. And, yeah, it does work.
Unfortunately, if it's not configured correctly, it will create a nice little backdoor for people to get into your environment. So again, in this article they're saying that at this time there's no indication of any other federal agencies that have been impacted by this, air quotes, incident.
So if you are a cybersecurity professional or an IT professional of any kind and you have APIs within your environment, you may want to look at this pretty hard on how you are managing your APIs. We talked about this. They need to go through a gateway of some kind. You need to route all of your APIs through one central spot. One, at a minimum,
it gives you a level of visibility into these API connections, and two, it gives you some security controls over what's occurring. You should not allow just anybody to willy-nilly add APIs to your organization.
So again, I bring this up to the point of the fact that if you have this situation, or at least in the case of the Department of Treasury, there's probably other holes within their environment that they truly need to look at.
Again, the CVE score on this was a 9.8, which is about as high as you can get, and if this is one situation that occurred, well, you can expect there are probably more. So again, this is an article from SecurityWeek, and this is the "CISA: no federal agency beyond the Treasury was impacted by the, air quotes, BeyondTrust incident."
Yeah, go check out your APIs, don't wait for it. All right, let's move into the questions for today. Okay, so again, this is over Domain 1.6. Question one: which type of investigation is most likely to involve preponderance of the evidence as a standard of proof? Again, in this type of investigation?
Which type of investigation, I should say, is most likely to involve, air quotes, preponderance of evidence as the standard of proof? A, criminal; B, civil; C, regulatory; or D?
And the answer is B, civil. Right, the preponderance of evidence is a civil matter, right? That's what it means: the evidence must show that it's more likely than not that the claim is true. Okay, the lower standard than that is beyond a reasonable doubt, which is used in criminal investigations, and so the point of it is: preponderance is civil.
Question number two: what is the primary purpose of a regulatory investigation? Again, what is the primary purpose of a regulatory investigation? A, to enforce internal organizational policies; B, to resolve disputes between private parties; C, to ensure compliance with legal and industry regulations; or D, to collect evidence of criminal prosecution.
For criminal prosecution, I should say. So what is the primary purpose of regulatory investigations? The answer is C, to ensure compliance with legal and industry regulations. Again, the ultimate goal is that you have many masters in the cybersecurity space,
and one of those is the industry, or is your local regulations, between your local and also your federal, depending upon where you are at.
So you need to make sure that if you fall under those guidelines of regulations determined by your local or federal agencies, you follow them. Question three: in which scenario would chain of custody documentation be most critical? Again, in which scenario would chain of custody documentation be most critical?
A, administrative investigations for policy violations; B, internal audit for process improvement; C, regulatory investigation for non-compliance; or D, criminal investigations for data theft. In which scenario would chain of custody documentation be most critical? And the answer is D, criminal investigation for data theft.
So, again, chain of custody refers to the documentation and handling of the specific evidence to ensure that its integrity is maintained throughout the entire process. In a criminal investigation, it will be essential to document all of this, right?
So if you're going to be dealing with somebody that could potentially go to jail, could have some sort of sentence, you're going to want to make sure that the information or the documentation you have, the evidence, is ironclad. Question four: which of the following is the best example of direct evidence in a criminal investigation?
Again, which of the following is the best example of direct evidence in a criminal investigation? A, a witness statement about observing the theft; B, a log file showing unauthorized access to a server; C, circumstantial evidence linking a suspect to the crime; or
D, a forensic analysis report of a compromised system. So which of the following is the best example of direct evidence in a criminal investigation? And the answer is A, a witness statement about observing the theft. Again, you have somebody, a direct person, a witness.
Seeing that they saw you lift it off of this USB drive would be direct evidence, and that would be admissible in court, right? So you'd be brought in and you would be used to answer what you saw. This is in contrast to, you know, a log file or a forensics report, which would be considered digital evidence or circumstantial evidence.
If I have somebody that has eyeballs on it, it's direct evidence. If I have something that's a little bit tangential on the side, it would be something that is more along the lines of digital evidence or circumstantial evidence. Question five: when conducting an internal administrative investigation, what is the most important first step?
So, when conducting an internal administrative investigation, what is the most important first step? A, alerting law enforcement; B, notifying all employees of the investigation; C, reviewing the organization's policies and procedures; or D, collecting all available digital evidence.
Again, when conducting internal administrative investigations, what is the most important first step? And it is C, reviewing the organization's policies and procedures.
That's the ultimate goal when you're dealing with this, your most important first step, because if you don't have those in place and you're trying to do an administrative investigation, and the person did something that's outside of what your policies and procedures define, then you could run the risk of, you know what,
you really don't have a case here and you just might want to let that sleeping dog lie. It also will maybe make you go, you know what? I need to make some changes to our overall policy structure. Question six: what legal principle must be followed to avoid evidence exclusion in a criminal trial due to unlawful seizure?
What legal principle must be followed to avoid evidence exclusion in a criminal trial due to unlawful seizure? A, search and seizure laws; B, chain of custody; C, subpoena authority; or D, incident response guidelines.
So what legal principle must be followed to avoid evidence exclusion in a criminal trial, which means you can't submit the evidence, due to unlawful seizure? And it would be A, search and seizure laws. Again, these laws are set up to govern how evidence can be collected legally. In the United States,
the Fourth Amendment protects against unreasonable searches and seizures, and this came out, actually, this little bit of trivia came from during the Revolutionary War. One of the big issues they had was around the British being able to just go in and seize whatever they want.
So the US created these laws to help put the guardrails upon this and dictate what would be unreasonable searches and seizures. So again, if it's obtained unlawfully, then it may be excluded from the trial. Question seven: which regulatory framework specifically addresses data protection and privacy for European Union residents?
Which regulatory framework specifically addresses data protection and privacy for European Union residents, EU residents? Okay: A, SOX; B, GDPR; C, PCI DSS; or D, CCPA. And the answer is B, yeah, General Data Protection Regulation, aka GDPR. It's a comprehensive data protection plan that was put into place, man, many years ago.
There was another one that was set up, I can't remember, it was Data, oh, I can't remember, Data Shield or something like that. But this GDPR was designed as an overarching kind of protection, and if you fail to meet what GDPR asks for, it is expensive. So people put a lot of time and money into being compliant with GDPR.
Question eight: a company's internal investigation revealed an employee is violating a non-compete clause. This type of investigation falls under which category? So, non-compete, an employee's violating it: A, regulatory; B, civil; C, criminal; or D, administrative? Okay then, an employee violating non-compete laws? And it would be D, administrative.
So internal investigations into non-compete clauses would typically be an administrative type of investigation in nature, and they all more or less come down to you wanting to enforce the company's policies, so that would be administrative. Question nine: what distinguishes civil investigations from criminal investigations in terms of penalties?
Again, what distinguishes a civil investigation from a criminal investigation in terms of penalties? A, criminal investigations focus on financial or injunctive relief; B, criminal investigations can result in imprisonment; C, criminal investigations only result in financial restitution; or D, criminal investigations are always initiated by private entities.
Okay, what's the difference between civil and criminal? A, civil investigations focus on financial or injunctive relief. Right, that's the main point of them. They put injunctions in place to prevent certain actions rather than punitive measures like imprisonment. That's the ultimate point.
But again, that comes back, with civil and criminal, to the differences in what is defined and needed for evidence. Beyond a reasonable doubt is criminal, and so therefore the evidence aspect falls into that category. Question 10: which of the following best describes circumstantial evidence? Again, question 10 is: which of the following best describes circumstantial evidence?
A, the direct observation of a criminal act; B, evidence that implies a fact but does not directly prove it; C, evidence that is inadmissible in court; or D, evidence obtained through direct forensics. So again, what best describes circumstantial evidence? It is B, evidence that, air quotes, implies a fact but does not directly prove it.
So if you see something that doesn't directly corroborate that there was an issue, it will then be circumstantial evidence. So again, finding a suspect's fingerprints on a door does not necessarily prove that they committed the burglary, but implies they were present, or maybe they showed up earlier or later.
Again, that's just kind of bringing all this little story together, the circumstantial piece of it. When you're dealing with IT: did the guy actually have USB access? Did the person log in that day? Did the person use their USB access? So on and so forth. Question 11: an investigation into insider trading is likely conducted by which type of authority?
So insider trading, who would be doing that? A, criminal law enforcement; B, administrative review committee; C, a private arbitration panel; or D, financial regulatory body. So an investigation into insider trading is conducted by which type of authority? And it would most likely be D, the financial regulatory body.
Now, insider trading, again, is buying and selling securities based on non-public information. If you do that, that violates what the SEC has out there, and so it's highly likely that they would get involved when you're dealing with insider trading.
That being said, you can also say that there would probably be other people involved in this as well, but the financial regulatory body would take lead on these types of situations. It doesn't mean they won't come back after you for criminal aspects, aka Martha Stewart. That's where she ended up dealing with that.
Question 12: which concept ensures that every individual who handles evidence is recorded? Again, which concept ensures that every individual who handles evidence is recorded? A, evidence integrity; B, chain of custody; C, forensics readiness; or D, digital signature. Again, which concept ensures that every individual who handles, touches, deals with it in any way is recorded?
And the answer is B, chain of custody. Again, chain of custody tracks the evidence from its collection to its presentation in court, ensuring that everybody who touches it has the access that they are supposed to have. There's a record of who touched it, when they touched it, and so forth. Question 13.
Which act governs electronic communication privacy in the United States? A, Sarbanes-Oxley; B, Computer Fraud and Abuse Act; C, Electronic Communications Privacy Act; or D, Federal Information Security Management Act, or FISMA? And the answer is C, Electronic Communications Privacy Act, otherwise known as ECPA.
This, basically, is an act that was put in place for electronic communications and how they can be accessed and intercepted in the United States. Okay, so that's a key factor around that. When you're dealing with SOX, you know that focuses on financial practices. Computer Fraud and Abuse Act, the CFAA,
this deals with computer-related crimes, and FISMA is focused on federal information system security. So if you're going to know the differences, if you're going to whittle them down, the Electronic Communications Privacy Act at least, at a minimum, has it in the name. Question 14: which of the following is a primary objective for forensic readiness?
A, ensuring regulatory compliance; B, reducing investigation time; C, enhancing user privacy; or D, preparing systems for collection and preserving evidence? Again, what's the primary objective for forensic readiness? It is A, ensuring regulatory compliance. So forensic readiness involves configuring and managing systems so that the evidence can be efficiently collected and preserved.
So the ultimate goal is you're ready for it, right? This can occur because maybe in your organization you have taps within your organization's network so that you're collecting packet captures, PCAPs, and that is then sent to another location where it is stored.
So you are then being primarily ready for the event that you may have to have some sort of forensics capability, and this is all, these log files are being sent to a certain spot. Again, this is a strategic kind of thought process that you need to plan for if this is something that's important to your organization.
Question 15: a whistleblower protection policy primarily addresses which investigation-related concern? Again, a whistleblower protection policy primarily addresses which investigation-related concern: A, evidence handling; B, investigator bias; C, protection from retaliation; or D, preservation of chain of custody?
So a whistleblower protection policy addresses which investigation-related concern primarily? Right, and the answer is C, protection from retaliation. Whistleblower protections are designed to protect the individuals who report potentially unethical or illegal activities. Right, it's to help them.
It's to help encourage people to come forward without having to worry that someone's going to throw them under the bus. So that, again, that's the ultimate goal: the whistleblower piece is protection from retaliation. If you violate that, that can go ugly for everybody.
So you want to make sure that, if you do have that within your organization, you are watching it very closely and you have a good plan in place to deal with whistleblowers, because, yeah, if it comes across that you are not doing well to protect them, you've got a lot bigger issues that you're going to be fighting.
So that's just a piece of advice, again, not a lawyer, just telling you some stuff from experience. Okay, that is all I have for you today. Head on over to CISSP Cyber Training. Go there, you'll enjoy it. I guarantee it. You'll love it. It's awesome. It's got everything you need to pass the CISSP exam. It's all there.
No reason to go around checking out other places, watching videos and other things. It's got it all available for you, to include an overall plan for passing the CISSP. Now, again, I have a blueprint that's within the CISSP network, in there in the overall product plan, and that plan,
that blueprint, will help you step by step by step on what you should study to get ready for the CISSP. There's a lot of people out there that can go and cram for this thing, pass it and move on.
Well, that's great, but the nice part about what I have with the blueprint is the blueprint will step you through, help you learn the information, so that when you move on to the next role, you actually understand what they're asking of you.
And, to be honest, if you want more money, there's a lot of different companies out there that will promote, hey, we can help you get more money. The way you're going to get more money in cyber is you understand the content.
You ain't going to be able to get it just by winging it, because you might wing it for a little while, but then they'll find out and you'll be fired. Or you'll get hacked and then you'll be fired. So the ultimate goal is, again, to learn this information so that you can then help your company, protect your company from the evil hacker horde.
Now the last thing is: also go to ReduceCyberRisk.com, and you can go there, and if you're looking for a consultant, I can help you with that. I've got a lot of partners that I'm working with and we can help you with your needs, from virtual CISOs down to individual security pen testing, you name it. It's available to you at ReduceCyberRisk.com.
So again, cissp.com or CISSPCyberTraining.com and ReduceCyberRisk.com. Head to those, check them out. A lot of great stuff for you. Have a wonderful, wonderful day, and we will catch you all on the flip side. See ya.